14 DAY TRIAL // The earthquake that hit China two days ago is still being used as a theme for scareware-pushing black hat search engine optimization campaigns. Search results related to the unfortunate event are riddled with malicious links trying to infect users.
On April 14th at 7:49 am local time (April 13th 23:49 pm UTC), an earthquake with a magnitude of 6.9 struck China's Qinghai Province. The quake wrecked most buildings in Gyêgu, the capital of the Yushu prefecture and the closest town to the epicenter.
So far, there have been over 600 confirmed deaths and over 9,000 people injured, but authorities continue to search for survivors. Two aftershocks of magnitudes greater than 5 have already been recorded and experts warn that more could follow at any time, keeping this natural disaster at the top of news headlines.
As Internet users rely on search engines to keep up-to-date with ongoing rescue efforts or international response, keywords related to the subject have considerably risen in popularity. But as usual, cybercrooks keep an eye on these search trends and jump at any occasion to poison the results and distribute some more malware.
The Tech Herald reports that, in this case, the black hat SEO campaigns were so potent that searching for predictable phrases like “china earthquake 2010” resulted in predominantly malicious results. It is also worth noting that, even though Google is trying to keep up with these attacks and tag these links as unsafe through its Safe Browsing initiative, there are still many that are not yet blocked.
The unfortunate users who end up visiting these rogue URLs get bombarded with fake security alerts encouraging them to install an alleged antivirus program on their computers. In reality, the purpose of such applications, which are collectively referred to as scareware or roguware, is to convince users to expose their financial details.
Security researchers urge everyone to trust only reputable news sources when searching for information over the web and to always run a capable, up-to-date antivirus program on their systems. Users can add an additional layer of protection by deploying browser security extensions such as NoScript, Web of Trust (WOT) or Finjan's SecureBrowsing.